Anaesthetic devices are now ‘vulnerable’
A type of anaesthetic machine that has been used in NHS hospitals can be hacked and controlled from afar if left accessible on a hospital computer network, a cyber-security company says.
A successful attacker would be able to change the amount of anaesthetic delivered to a patient, CyberMDX said.
Nottingham University Hospitals (NUH) NHS Trust confirmed to the BBC that “a small number” of the devices were currently in use at its facilities, but were being phased out.
“None of the anaesthetic machines are connected to the internet or the NUH network so there is very little risk around these machines within NUH,” a spokesman told the BBC.
NHS Digital said it could not confirm the extent to which the machines were still in use across the NHS.
“We are currently assessing the volume of these particular anaesthetic machines in use across England and we will be sharing any subsequent advice with trusts in the coming days,” a spokeswoman said.
The company told BBC News it did not plan to release any security updates for the anaesthetic machines but hospitals should use secure network protocols to protect them from would-be hackers.
Cyber-security expert Ken Munro agreed that medical devices should be isolated within computer networks but added: “It’s not, frankly, the case in many hospital networks.”